Miles to go ... - Arun Gupta: Securing WebSocket using wss and HTTPS/TLS (Tech T
Original: http://www.tuicool.com/articles/goto?id=JR3mmy
50th tip on this blog, yaay!
Tech Tip #49 explained how to secure WebSockets using username/password and Servlet Security mechanisms. This Tech Tip will explain how to secure WebSockets using HTTPS/TLS on WildFly.
Let's get started!
Create a new keystore:
keytool -genkey -alias websocket -keyalg RSA -keystore websocket.keystore -validity 10950
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]: Arun Gupta
What is the name of your organizational unit?
  [Unknown]: JBoss Middleware
What is the name of your organization?
  [Unknown]: Red Hat
What is the name of your City or Locality?
  [Unknown]: San Jose
What is the name of your State or Province?
  [Unknown]: CA
What is the two-letter country code for this unit?
  [Unknown]: US
Is CN=Arun Gupta, OU=JBoss Middleware, O=Red Hat, L=San Jose, ST=CA, C=US correct?
  [no]: yes

Enter key password for <websocket>
  (RETURN if same as keystore password):
Re-enter new password:
“websocket” is used as the password here for convenience.
- Download WildFly 8.1, unzip, and copy the “websocket.keystore” file into the standalone/configuration directory.
- Start WildFly as:
./bin/standalone.sh
- Connect to it using jboss-cli as:
./bin/jboss-cli.sh -c
Add a new security realm as:
[standalone@localhost:9990 /] /core-service=management/security-realm=WebSocketRealm:add()
{"outcome" => "success"}
And configure it:
[standalone@localhost:9990 /] /core-service=management/security-realm=WebSocketRealm/server-identity=ssl:add(keystore-path=websocket.keystore, keystore-relative-to=jboss.server.config.dir, keystore-password=websocket)
{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}
- Add a new HTTPS listener as:
[standalone@localhost:9990 /] /subsystem=undertow/server=default-server/https-listener=https:add(socket-binding=https, security-realm=WebSocketRealm)
{
    "outcome" => "success",
    "response-headers" => {"process-state" => "reload-required"}
}
- A simple sample to show TLS-based security for WebSocket is available at github.com/javaee-samples/javaee7-samples/tree/master/websocket/endpoint-wss. Clone the workspace and change directory to “websocket/endpoint-wss”. The sample’s deployment descriptor has:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Secure WebSocket</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
This ensures that any request coming to this application will be auto-directed to an HTTPS URL.
- Deploy the sample by giving the command:
mvn wildfly:deploy
Now accessing http://localhost:8080/endpoint-wss redirects to https://localhost:8080/endpoint-wss . Browsers may complain about the self-signed certificate: both Chrome and Safari show a warning page.
In either case, click on “Proceed to localhost” or “Continue” to proceed further. And then a secure WebSocket connection is established.
Another relevant point to understand is that a non-secure WebSocket connection cannot be made from an https-protected page. For example, the following code in our sample:
new WebSocket("ws://localhost:8080/endpoint-wss/websocket");
will throw the following exception in Chrome Developer Tools:
[blocked] The page at 'https://localhost:8443/endpoint-wss/index.jsp' was loaded over HTTPS, but ran insecure content from 'ws://localhost:8080/endpoint-wss/websocket': this content should also be loaded over HTTPS.
Uncaught SecurityError: Failed to construct 'WebSocket': An insecure WebSocket connection may not be initiated from a page loaded over HTTPS.
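An added example (not part of the original post or the sample project): rather than hard-coding a ws:// URL, derive the WebSocket URL from the page's own address so that a page served over HTTPS always connects with wss://. The function names and sample values below are assumptions made for illustration.

```javascript
// Added example: keep the WebSocket scheme in step with the page's scheme.
const WS_SCHEME = { 'http:': 'ws:', 'https:': 'wss:' };

// pageUrl: the page's address (window.location.href in a browser).
// endpointPath: absolute path of the WebSocket endpoint on the same host.
function webSocketUrlFor(pageUrl, endpointPath) {
  const page = new URL(pageUrl);
  const scheme = WS_SCHEME[page.protocol];
  if (!scheme) {
    throw new Error(`unsupported page scheme: ${page.protocol}`);
  }
  // Require a leading "/": a value such as "@other-host/" would otherwise be
  // parsed as userinfo and silently change the host the socket connects to.
  if (typeof endpointPath !== 'string' || !endpointPath.startsWith('/')) {
    throw new Error('endpointPath must be an absolute path starting with "/"');
  }
  // page.host keeps a non-default port such as 8443.
  return new URL(`${scheme}//${page.host}${endpointPath}`).href;
}

// True for the combination shown in the error above:
// a page loaded over HTTPS that targets an insecure ws:// URL.
function isInsecureFromSecurePage(pageUrl, socketUrl) {
  return new URL(pageUrl).protocol === 'https:' &&
         new URL(socketUrl).protocol === 'ws:';
}

// Constructed sample values, taken from the URLs quoted in the error message.
const samplePage = 'https://localhost:8443/endpoint-wss/index.jsp';
const hardCoded = 'ws://localhost:8080/endpoint-wss/websocket';
const derived = webSocketUrlFor(samplePage, '/endpoint-wss/websocket');

console.log('hard-coded URL rejected:', isInsecureFromSecurePage(samplePage, hardCoded));
console.log('derived URL:', derived);

// In a browser:
// new WebSocket(webSocketUrlFor(window.location.href, '/endpoint-wss/websocket'));
```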
Enjoy!